<?php
require_once ('../config/path_config.php');
require_once(ROOTDIR."admin/admin-header.php");
require_once(ROOTDIR."common/db_utils.php");
require_once(ROOTDIR."config/sys_config.php");

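// Access gate: only a session carrying the 'administrator' or 'jgadmin' key may
// use this page. Everyone else gets a login link and the script stops here, so
// the privilege-granting handler further down never runs for them.
// Logical OR replaces the original bitwise `|=`, which turned the flag into an int.
$isAllow = isset($_SESSION['administrator']) || isset($_SESSION['jgadmin']);
if (!$isAllow) {
    echo "<a href='../loginpage.php'>Please Login First!</a>";
    exit(1);
}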
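/**
 * Decide whether the current operator is allowed to grant a given privilege.
 *
 * The allowlist depends on the session role:
 *  - every operator: viewcode_no_ac, viewcode_after_ac, teacher, parent
 *  - 'administrator' session: additionally administrator and problem_editor,
 *    plus jgadmin, xxadmin and problem_checker when SysConfig::$VEND_FOR is
 *    unset or equals 'company'
 *  - 'jgadmin' session (without 'administrator'): additionally xxadmin
 *
 * This is the server-side enforcement point; the drop-down in the form is
 * only a convenience and must never be trusted on its own.
 *
 * @param mixed $rightStr Privilege name, normally taken straight from $_POST.
 * @return bool True only when $rightStr is a string present on the allowlist.
 */
function checkAuth($rightStr) {
    // Request parameters can arrive as arrays (rightstr[]=...) and callers may
    // pass other scalars; only a plain string can name a privilege.
    if (!is_string($rightStr)) {
        return false;
    }

    // Basic privileges any operator of this page may hand out.
    $pList = array('viewcode_no_ac', 'viewcode_after_ac', 'teacher', 'parent');

    if (isset($_SESSION['administrator'])) {
        array_push($pList, 'administrator', 'problem_editor');
        // Organisation-level roles are available by default, i.e. when the
        // deployment type is not configured or is 'company'.
        // NOTE(review): the form's drop-down offers 'problem_checker' to every
        // administrator, while it is only accepted here inside this branch -
        // confirm which of the two is intended.
        if (!isset(SysConfig::$VEND_FOR) || SysConfig::$VEND_FOR == 'company') {
            array_push($pList, 'jgadmin', 'xxadmin', 'problem_checker');
        }
    } elseif (isset($_SESSION['jgadmin'])) {
        array_push($pList, 'xxadmin');
    }

    // Strict comparison: a loose in_array() would let a boolean true match
    // any non-empty entry of the allowlist.
    return in_array($rightStr, $pList, true);
}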

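// Handle the "grant privilege" form submission.
if (isset($_POST['do'])) {
    // Presumably validates the anti-CSRF token that set_post_key.php places in
    // the form - confirm against that include.
    require_once("../include/check_post_key.php");

    // Accept plain strings only; a missing or array-valued field becomes ''
    // and is rejected below rather than reaching the database.
    $user_id = (isset($_POST['user_id']) && is_string($_POST['user_id'])) ? $_POST['user_id'] : '';
    $rightstr = (isset($_POST['rightstr']) && is_string($_POST['rightstr'])) ? $_POST['rightstr'] : '';

    // Server-side authorization: the requested privilege must be one the
    // current session role is allowed to grant.
    if (!checkAuth($rightstr)) {
        echo "<br/><br/>";
        echo "不具备该权限!";
        exit(0);
    }

    if ($user_id === '') {
        echo "<br/><br/>";
        echo "Invalid user_id!";
        exit(0);
    }

    // Both values are bound as parameters, never concatenated into the SQL.
    $sql = "insert into `privilege` values(?,?,'N')";
    // NOTE(review): the result is not inspected, so the success message is
    // printed even if the insert fails - confirm how DbUtil::query() reports
    // errors. A privilege grant is also worth an audit-log entry recording
    // who granted what to whom.
    $rows = DbUtil::getInstance()->query($sql, $user_id, $rightstr);

    // $user_id is attacker-controllable request data; escape it before it is
    // reflected into the HTML response.
    echo htmlspecialchars("$user_id $rightstr", ENT_QUOTES | ENT_SUBSTITUTE) . " added!";
}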

?>
<div class="container">
<form method=post>
<?php require("../include/set_post_key.php");?>
	<b>添加用户权限</b><br />
	用户名：<input type=text size=10 name="user_id"><br />
	权限:&nbsp;&nbsp;
	<select name="rightstr">

<?php
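// Build the list of privileges shown in the drop-down for the current role.
// This list is a UI convenience only; checkAuth() is what enforces the limits
// when the form is submitted.

// Basic privileges any operator of this page may hand out.
$rightarray = array('viewcode_no_ac', 'viewcode_after_ac', 'teacher', 'parent');

if (isset($_SESSION['administrator'])) {
    // NOTE(review): 'problem_checker' is offered to every administrator here,
    // but checkAuth() accepts it only when SysConfig::$VEND_FOR is unset or
    // 'company' - in other deployments selecting it is rejected on submit.
    // Confirm which side is intended.
    array_push($rightarray, 'administrator', 'problem_editor', 'problem_checker');
    // Organisation-level roles are shown by default, i.e. when the deployment
    // type is not configured or is 'company'.
    if (!isset(SysConfig::$VEND_FOR) || SysConfig::$VEND_FOR == 'company') {
        array_push($rightarray, 'jgadmin', 'xxadmin');
    }
} elseif (isset($_SESSION['jgadmin'])) {
    array_push($rightarray, 'xxadmin');
}

// each() was deprecated in PHP 7.2 and removed in PHP 8.0; foreach iterates
// the same values in the same order.
foreach ($rightarray as $val) {
    // The values are constants today, but escaping keeps the markup safe if
    // the list is ever fed from configuration or the database.
    $label = htmlspecialchars($val, ENT_QUOTES | ENT_SUBSTITUTE);
    // Re-select the privilege that was just submitted, if any.
    $selected = (isset($rightstr) && $rightstr === $val) ? ' selected' : '';
    echo '<option value="' . $label . '"' . $selected . '>' . $label . '</option>';
}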
?>
    </select><br />
	<input type='hidden' name='do' value='do'>
	<input type=submit value='添加'>
</form>
</div>
